Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-sgc4-z5aa-nkct
Vulnerability ID VCID-sgc4-z5aa-nkct
Aliases CVE-2022-1834
Summary Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1834.json
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2022-1834
cvssv3.1 6.5 https://bugzilla.mozilla.org/show_bug.cgi?id=1767816
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1767816
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2761
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2022-22/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2022-22/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1834.json
https://api.first.org/data/v1/epss?cve=CVE-2022-1834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2092416 https://bugzilla.redhat.com/show_bug.cgi?id=2092416
AVG-2761 https://security.archlinux.org/AVG-2761
GLSA-202208-14 https://security.gentoo.org/glsa/202208-14
mfsa2022-22 https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
mfsa2022-22 https://www.mozilla.org/security/advisories/mfsa2022-22/
RHSA-2022:4887 https://access.redhat.com/errata/RHSA-2022:4887
RHSA-2022:4888 https://access.redhat.com/errata/RHSA-2022:4888
RHSA-2022:4889 https://access.redhat.com/errata/RHSA-2022:4889
RHSA-2022:4890 https://access.redhat.com/errata/RHSA-2022:4890
RHSA-2022:4891 https://access.redhat.com/errata/RHSA-2022:4891
RHSA-2022:4892 https://access.redhat.com/errata/RHSA-2022:4892
show_bug.cgi?id=1767816 https://bugzilla.mozilla.org/show_bug.cgi?id=1767816
USN-5512-1 https://usn.ubuntu.com/5512-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1834.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1767816
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:15:11Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1767816
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2022-22/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:15:11Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-22/
Exploit Prediction Scoring System (EPSS)
Percentile 0.38595
EPSS Score 0.00173
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:58:34.495024+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202208-14 38.0.0